Submission Details
Impact:
Likelihood:
[EVMNINJA-WW07] No Minimum LINK Deposit Verification
Root + Impact
Description
When registering a keeper, there is no verification that the provided LINK deposit is sufficient for Chainlink Automation operations. This could lead to underfunded upkeeps that fail prematurely.
function requestMintWeatherNFT(
// ...
uint256 _initLinkDeposit
) external payable returns (bytes32 _reqId) {
// ...
if (_registerKeeper) {
IERC20(s_link).safeTransferFrom(
msg.sender,
address(this),
_initLinkDeposit
);
}
// ...
}
Risk
Likelihood:
Medium likelihood
Impact:
Low impact
Proof of Concept
Recommended Mitigation
Implement a minimum LINK deposit requirement for keeper registration:
function requestMintWeatherNFT(
string memory _pincode,
string memory _isoCode,
bool _registerKeeper,
uint256 _heartbeat,
uint256 _initLinkDeposit
) external payable returns (bytes32 _reqId) {
// ...
if (_registerKeeper) {
// Define a minimum LINK deposit amount
uint256 minimumLinkDeposit = 5 * 10**18; // Example: 5 LINK tokens
require(_initLinkDeposit >= minimumLinkDeposit, "Insufficient LINK deposit for keeper");
IERC20(s_link).safeTransferFrom(
msg.sender,
address(this),
_initLinkDeposit
);
}
// ...
}
Updates
Appeal created
bube 5 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
[Invalid] The LINK deposit is not checked
This is informational/invalid. If the LINK deposit is not enough, the function `registerUpkeep` will revert and it is responsibility of the user to provide the correct amount of `_initLinkDeposit`, if the user wants automated weather updates.
Rewards breakdown
nSLOC
236This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.